Cannot edit a page
Closed this issue · 15 comments
I tried to edit a page and just see an error:
URL: http://domain.de/wikula/edit/tag/HomePage
Error
Access denied (error 403)
Sorry! You don't have authorisation for the page you wanted.
Additional information
Could not load the 'wikula' module at 'edit'.
Sorry! You have not been granted access to this page.
I am an administrator. .-)
Does this bug just happen with the edit function or also with other pages?
Only the edit function is affected.
I can not reproduce this problem. Here some test:
a. Comment the following lines lib/Wikula/Hanlder:
// Permission check
if (!ModUtil::apiFunc($this->name, 'Permission', 'canEdit', $this->_tag)) {
throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
}
Does it work now?
b. Changes this lines to
// Permission check
if (!SecurityUtil::checkPermission('Wikula::', '::', ACCESS_COMMENT)) {
return LogUtil::registerPermissionError();
}
Does this work?
Thank you for testing.
I think that this is more a shorturl related bug:
/index.php?module=wikula&type=user&func=edit&tag=HomePageis working fine/wikula/edit/tag/HomePagegenerates the error
I can not reproduce it with shorturls, too.
I think I've found it. Same problem as before in the breadcrumbs plugin here: ba7b802
$this->name is not always 'Wikula'
function initialize(Zikula_Form_View $view)
{
$this->_tag = FormUtil::getPassedValue('tag', null, "GET", FILTER_SANITIZE_STRING);
// Permission check
if (!ModUtil::apiFunc($this->name, 'Permission', 'canEdit', $this->_tag)) {
throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
}
If I replace $this->name with 'Wikula', then it works fine.
Is that a Zikula core bug?
If I call $this->name in API functions the name of the API module will shown. If I call $this->name in handlers the name of the calling module will shown.
If it's not a bug we should replace all $this->name in handlers.
But anyway this should not affect your case, because in this case the caller module is also Wikula. Can you print $this->name and check what it is? Empty?
No, it was the "News" module.
But only if shorturls are enabled.
I still can not reproduce it. I tried with shorturls and a news block, but there was no error. But anyway I think we know what is the problem. I will replace all $this->name in the non admin handler as workround. We can revert it as soon as the zikula core bug is solved.
Is the problem solved now?
Fixed
@hvorragend Carsten, we need to track down what's the shortURLs issue.
I cannot reproduce it either, so, you may need to tell us your Settings details, to revert the patch zikula/core#161, and to disable your blocks/modules one by one until you get the correct $this->name
I've temporary opened this ticket again.
Just try the following code:
File: src\modules\Wikula\lib\Wikula\Handler\EditTag.php
/**
* Setup form.
*
* @param Zikula_Form_View $view Current Zikula_Form_View instance.
*
* @return boolean
*/
function initialize(Zikula_Form_View $view)
{
$this->tag = FormUtil::getPassedValue('tag', null, "GET", FILTER_SANITIZE_STRING);
// Permission check
print_r($this->name);
die();
if (!ModUtil::apiFunc($this->name, 'Permission', 'canEdit', $this->tag)) {
throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
}
If you know want to edit the homepage (URL: http://domain.de/wikula/edit/tag/HomePage) with shorturls enabled, then you see the wrong modname printed.
print_r($this->name); should be Wikula, but it is News
My settings:
- Enable directory-based short URLs: ON
- Strip entry point from directory-based URLs: YES
- Separator for permalink titles: -
- Do not display module name in short URLs for: disabled
All blocks are disabled.
Your homepage module is News?
I was expecting News to be your default shortURL module, but you have it disabled? huh
I will need to access your machine to debug it in detail, and track the origin of that.
Contact me please ;-)